[CentOS] [OT] Corporate Firewall -- NAT/PAT != bridging/routing with inspection

Fri Nov 11 01:00:17 UTC 2005
Ryan <ryanag at zoominternet.net>

Bryan J. Smith wrote:
> Adam Gibson <agibson at ptm.com> wrote:
> 
>>M0n0wall is a FreeBSD-based system but it does support a
>>public IP DMZ/Service interface.  You have to enable 
>>advanced NATing.
> 
> 
> Layer-3/4 Source and Destination NAT/PAT (network/port
> address translation) is _not_ the same as layer-2 bridging or
> layer-3 routing between networks and inspecting the packets
> then.  I think he's looking for layer-2 bridging or layer-3
> routing, not SNAT/DNAT.


M0n0wall can be configured as a bridging firewall.

It only appears to be another IP on the LAN when in this mode and does 
not do NAT.


> IPCop does SNAT/DNAT, and can translate multiple public IPs
> into private ones -- LAN, 2nd LAN (e.g., WLAN), DMZ, etc...
> as well.

Yes, but you need to seriously hack it... IPCop doesn't support
multiple subnets on the same interface (LAN or WAN) very well at all.


Pre-built m0n0wall boxes are pretty cheap these days:
http://www.netgate.com/product_info.php?products_id=209